date:20200504

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Mon, May 04, 2020 at 06:48:34PM -0500, Sven Semmler wrote:
> Haven't tried to install anything in German for the last 20 years, but I
> would assume that Fedora and Debian have German versions. 

There is 'system-config-language' in Fedora. You might want to play with
it in a Fedora template.

/Sven


- -- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl6wrH4ACgkQ2m4We49U
H7YWVhAA05CH0kBuFMMysMN/wVIYc90MxPZ+5rC49aJmjzeuNIeVFLze1wD3ZK7S
qlmX7LpHUbXMkWWwAIAzVgwH7JAwTd2G7kubu8InsHqSHAtnQZMalxEYg7aZ37lW
WEpYRTnB5f21Asavr+TWetSySnpHn5cutol80L4wEpBClRKNFc2x0JanH18XJzCM
rvA3ZG3elMAbZDWbL6Eo6I8dVHFMVaX5I0v2mfjdFD8FD0rH1AEEzocIOAXQlIa+
ApcVcBPiUQxMA/U8I2tsvSKrgWXBORwa5I1b2qylVkTi1QMiIKN2qypCalJ1ywZ5
uW9h7zZ+cqmMz2cKRed66nilQsKQxJhkk2NfpjyKB/RixA++LO4ZQb3GgbtgQFD9
XCR0FjozPTDScBEc2ppKFpUvLLv+0GMnyV2Q0SYmo+IRhvDFJj8H/rLkQIyJEJ0A
lxDTL2KDa5XlBycyZfb2oT19PXAlQjtl7tNOFJ9iBDOJ8sQ8lyuRuQTHBdSNa2LK
UEQC8yTYUPyur4XoGEs3RKxVhhdxrJZR3MvtjflhCt85fldZSmJXtaVx8YGH2nB6
xjVBNu2DzlZEMuzUX5yvhZsee663E34w5QEMTbieEqBWHqvnNqYYFmbbpagIB968
16SgnLhTlkkFkPZ8ljXlNvUzSbb3D09oq7XVzGxVVUZDYAgq3IM=
=euKk
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200504235958.GE3029%40app-email-private.

Re: Antw: [EXT] [qubes-users] To the Qubes developers (German translation) - An die Qubes Entwickler (Übersetzung auf Deutsch)

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Mon, May 04, 2020 at 11:40:35PM +0200, haaber wrote:
> I'd be ready to share a part of the translation work. 

Me too.

> One of the questions is wether standard linux-messages could be 
> "imported" from other linux language-packs into qubes - to build 
> a starting set. That would solve the overwhelming part of the 
> texts, to my belief: there is not so much completely qubes-specific, 
> is there??

I agree. There should already be German versions of Xfce for Fedora 25
(dom0). What's left then are the tray menus and the Qubes Manager. 

All the applications come from the templates. There should be localized
versions of Fedora / Debian with German versions of the common Gnome
tools etc. ... right?

Haven't tried to install anything in German for the last 20 years, but I
would assume that Fedora and Debian have German versions. 

/Sven

- -- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl6wqdMACgkQ2m4We49U
H7aTYxAA5Jes+y0hD21Zo1MU8V4pWjZJMQTMnld5Z9B+qMbxJersV8TsVPIyTaDv
tR7bdSAko/pCe3p4pDOMYkHB6CYeGxBEWyiWV/MQIYlTLtNUivahv4u7zHNI0dCH
FLRhuHT13XlFJWtH5lKsf9NEmTihO+aC0Sde3Qaule2SvY/1coP/K9l1/tGcR2ud
BEzNxVx5pL0HxGp212ERlasGkDUfRiO+NEn3j7iqA4eIiky0ZWPH2C7wsANy8L9u
XLF4BfhwgVtITjb/0FhtghMCK7ANwTexVcZwaKjH0rijJdGpaqn5JhoNaeHyQ5To
hw5sd0YiDmqmm7cYjQFtbbn24bvEaLXt9OwfSJRYV+DlNEPOdNx2nv8cYgUVOfzv
JiZU0LUEBDt8SKlkqo372kFQCALydmp35FQfVkJGmEWmm+5SzRMt/GDL/a7jPO7l
G3kW1or+tJOV3oBYBXu++jlyS7fSh8K/OMW4sCWJlRikdAP1iYlC2clleWQ5yePw
nxEfH1a0ACPghYm92kap8VbhCJGgAxHUGYphtW9xSYDtBpiezNqQEoKqZCil//eQ
5BVjREHPlI9+Jd6TGknh+gV9jZrHipH1l3RAsOeFxWsWM06dpS7EhO+fgaB8xD5m
0J0TGE6MlkuzP0cndLAhQrCLeha5UG4AFP49E3uY0ztOcJtXDM0=
=DYlf
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200504234834.GD3029%40app-email-private.

Re: Antw: [EXT] [qubes-users] Re: Erste deutsche Rezension von Qubes OS auf Youtube

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Mon, May 04, 2020 at 09:50:31PM +0200, Ulrich Windl wrote:
> Sorry, the problem with Windows is that it was designed for stupid people, 
> just to sell more copies. 

I'll simply assume this is more a statement of frustration then a
serious attempt to explain anything.

> I severely doubt you can convince the typical Windows user to use QubesOS for 
> daily work. "Security" is not a product you can buy, and "security" is the 
> "is the opposite of "comfort". 

Security and comfort are more like two opposing poles of a continuum.
Personally I do think Qubes does a rather excellent job of
demonstrating "reasonable security".

It is rather unrealistic (at this point) to expect the average user to
install and configure Qubes correctly - agreed. However I can imagine it
being used by average users in a government/business context with a
normal amount of training (they would received for any other newly
introduced solution too).

Actually once installed and configured correctly there isn't much
difference at all. You'd have to teach them to

- pay attention to the color of the window frame
- how to use copy/paste
- how to move files between domains
- how to attach USB devices and when that's OK and when not*

*e.g. webcam/mic for conferencing = OK, USB stick to
confidential domain = Not OK etc.

> People want comfort not security. Why else would they use Alexa or Google 
> assistant or Siri, dubious password managers, etc.?

Sure. This is all about context. Qubes for private use without the user
recognizing the need is unrealistic. And even with the ones recognizing
the need Qubes in it's current from might not be there quite yet.
However, efforts like the preconfigured Privacy Beast are a very
encouraging step in that direction.

/Sven

- -- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl6wpyMACgkQ2m4We49U
H7ZTuw//d9HRr3in3+O6qPaFCu9peYftsx1eFGDc2WpYoabfuYJwk/lOyUk1hCgN
NkjYZ1ggHTqQbh7OZjD4lkm/0AcUYjMKwTNT3UhHs9dxvBTBiLjt8O/tRkdteBKm
bf2yT4T0h7OgaHvEU8eYClH6sRgNIF+fiVk3pgLsAvM2JRF1VHaRak1/6Df3mD8i
mlmpekTnfn/fmOfgjG2+ciXx/s0D0GRtidOwm3sgSBOhaD6GLQmlBURaRSMNoqR0
6U6S31ax51cIBTaGXYMLh0rVvE2ell/YUp+KFNgaFeGvWrTLkP/NoI2adwc49U+w
hwo5Wp1Mwheh7td2QJMijFIV9xNeoP+WgKeYGddUf8E/uMzDKCIiKBKfbOypZ7ED
bkZiDGmzzKHZb1/X81pFk+docmSBJqbB6cMSWCwvc38qj0Gsjz/4tHESzoQ5N+Xz
pofk8k9GR/u832wnWE/b0n139ZWJOAmDDukwojrDyIA2nu9V4+NTXwWMoap30xhb
DNb7/dIdXnk9GV2h/9HZvVcSpQEhQo8vzdw76GoUfSNilJ/QApqUflKNmrShhgeK
xjLYXgInuhog2MsW5DotVZ+fhz9XXc6936oWJk+lKALoGuJUjA83ypD++4xBJEti
5zoIfwm36Ec1szMM1ak2H+DBAy1ouzPLq/JdQDA3ObMAcpYXnFw=
=uv1a
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200504233707.GC3029%40app-email-private.

Re: [qubes-users] Re: connecting an iPhone to a AppVM - 4 non-working attempts

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Sun, May 03, 2020 at 10:01:40PM +0100, lik...@gmx.de wrote:
> Signal processing controller: Intel Corporation Sunrise Point-LP Serial IO 
> I2C Controller #0

I happen to have the same chipset you have. But I have never attempted
to attach the Signal processing controller (dom0:00_15.0) to Windows ...
what's your use case?

To make your iPhone play nice with Windows/iTunes only the USB
controller (dom0:00_14.0) is required.

> I installed the USB drivers from Lenovo as I'm assuming that there will be a 
> pass trough. Unfortunately, this doesn't work. Windows still is looking for 
> drivers and doesn't find them.

I am running the "Intel USB 3.0/3.1 eXtensible Host Controller Driver"
Version 5.0.4.43 downloaded directly from the Intel website. 

https://downloadmirror.intel.com/22824/eng/Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver_5.0.4.43_v2.zip

/Sven

- -- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl6woloACgkQ2m4We49U
H7ZaRw//ceNZIn6+9KzkhSldruKhaYiYP+T6dh1YKOQiImEw6l143xFq2Z0oOpzY
qZiPNIPhwz/3Zg2ZoMzwQaOcSBiHnl0O0Fn7TxfAl52CKuUhlSLdMHk5lctc9G7r
qN4cvE2hjUae7ET8AEzn9PnoTC/UeddQG6OtWU2VJHZeI+c+ToxWvNd042Q98lz6
/L4jxSc9TL2jJy0RCxgBiZeWSEIQGJ51xYgFRurfvtE1O4OtdBoHXuQqCWRcCRJr
lZfgEiVnUXJGjpzkLowL2dMwTZ1DTauGDkSlPp3PigFVlSgDb/pOU69E12jFSVfn
V3dOLuk4SnhbjAiH7AcXxlUBQECEDzI8s4XY4NlmeoNQ2IJCQojNcfQX2fCLfbwL
WFpsdlt9RvaYkj6P4ZCc/ZDI628A9nLW1ruQAE9L0wfBxErAQp6n7xGBCh0g38/Q
3WZCA54Cxr+0U2HrnAegL72W8EuWSAUzwz4njIICMbWjxNj89zsn7b3wDfUkh/AM
ry7XJ+YMQALKJT3IEjQZb+ovjt/l2cXEpiElCKSWQ8FLkoYIwy9gqMuFCkEX7SD7
dEwhkvVJ1WRJwrHBwaDOt94cao2GKbUnupinKdNo8GJoabbXP/8+MFMjKQOPwdnd
UDuk+G7ZnArN5pDukkD+iHjQUBjDM3Lasevz9ded7Tb/ieU3uIE=
=vp1j
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200504231641.GB3029%40app-email-private.

Re: Solved: [qubes-users] external CD writer

2020-05-04 Thread dhorf-hfref . 4a288f10

On Mon, May 04, 2020 at 11:21:18PM +0200, Olaf Klinke wrote:

> Where in the documentation is that stated? The manpage of qvm-device
> does not mention this. The only hint is that all examples of qvm-usb in
> the documentation show sys-usb as backend. 

for example in the documentation about usb devices:

https://www.qubes-os.org/doc/usb-devices/

"Note: you cannot pass through devices from dom0 (in other words: a USB
 qube is required)."

> 3. Putting the USB keyboard in a qube can and has locked users out of
> their systems. 

forgetting their luks passphrase and careless use of fdisk also can
and has locked people out of their systems.
doesnt mean we remove disk encryption or all tools that can write
to a disk in the wrong place.

disabling autostart for the usbvm that has your keyboard is a pretty
solid way to avoid locking yourself out hard.
and shooting your own foot with it every now and then tends to be
educational, just like remote administration of firewalls. :D

> 4. If possible, keep the input devices (and only those) attached to
> dom0 while attaching all others to sys-usb. 

i would put _all_ usb controllers into usbvms, even the one(s) used
for privileged devices. 
you still need to make sure that the kbd one is attached to dom0 
during boot though.

> Luckily I seem to have two USB controllers for my peripheral USB ports,
> so I can easily separate input- from other USB-devices. Is (4)

i recommend you check if this is actualy the case.
there are some _really_ weird USB setups where it looks like different
controllers, but it is really just multiple pci devices on the same
physical controller. and usb devices plugged into the same usb port end 
up on one or the other "controller" depending on speed negotiated.
my check would be to configure different usbvms for each controller,
then plug around some devices between physical ports and see in
which vm they end up, and keep notes on that.

> possible/recommended? The documentation shows how to hide _all_ USB
> controllers from dom0, so I assume one can also choose to hide _some_. 

https://github.com/QubesOS/qubes-core-admin-linux/blob/master/dracut/modules.d/90qubes-pciback/qubes-pciback.sh

rd.qubes.hide_pci=01:23.3,05:67.8

google is hard? perhaps you should consult a data scientist or so? :P

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200504221655.GH987%40priv-mua.

Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

2020-05-04 Thread Chris Laprise

On 5/2/20 6:54 AM, unman wrote:

On Sat, May 02, 2020 at 08:22:57AM +, taran1s wrote:

unman:

On Fri, May 01, 2020 at 11:54:27AM +, taran1s wrote:

taran1s:

Chris, I tried now to connect to the kraken.com, which seems to be tor
unfriendly through me->tor->VPN->kraken.com but it returns error on the
site "Disabled".

I learned now that despite I use the above connection model, using VPN
as an exit, I still exit from the tor exit not and not from the VPN. I
am not sure what broke.

If I understand your model: me->tor->VPN->kraken.com
you are running Tor *through* your VPN - this means that your service
provider sees your connection to the VPN, and your VPN provider sees
your connection to the first Tor hop.
Naturally, when you exit the VPN and set up the TOR circuit, it's a Tor
exit node that connects to kraken.
The VPN is NOT an exit in this model. Nothing has broken.

I am actually using mullvad VPN. The idea is to have the possibility to
access websites or services (like kraken.com) that are not tor-friendly.
I would like to connect first to Tor through sys-whonix than connect to
the VPN through VPN AppVM and from that VPN to connect to the clearnet.

I set the AppVMs networking following way: anon-whonix networking set
to -> sys-whonix networking set to -> VPN-AppVM proxy that connects to
the clearnet. Is that right for my model?

No.
Think about it.
anon-whonix creates a request.
sys-whonix takes that request, and builds a circuit.
VPN-AppVM sees the traffic to the first hop, and sends it down the VPN.
The VPN provider gets the Tor traffic, and sends it on to the first
hop.
Then it goes via Tor to the exit node and then to the target.
Your ISP sees traffic to the VPN; the VPN provider sees traffic from you
going to Tor; the target sees traffic coming from Tor network.

*Always* use check.torproject.org to confirm your exit IP in this sort of
case (always) so that actual matches expectations.

What you have built (in packet terms) is:
me - Tor - VPN - target.

What you seem to want is:
me - VPN - Tor - target

To do that you need to build the VPN traffic and send it down a Tor
circuit.
Your Qubes network configuration should be:
client - VPN qube - Tor qube - sys-firewall - sys-net

A good rule of thumb is that whichever proxyVM is directly attached to
your appVM will be the type of network that the remote service sees.

I have no idea if Whonix will let you do this.

This should work for most VPNs, as Patrick and I and others have tested
it (though I haven't tested Whonix specifically with Mullvad). The only
constraint is that the VPN use TCP instead of UDP.

--
Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

Re: Antw: [EXT] [qubes-users] To the Qubes developers (German translation) - An die Qubes Entwickler (Übersetzung auf Deutsch)

2020-05-04 Thread haaber



... and it would be fun finding out what the fixed points of those
translations are.

I agree that a full translation would be an awful lot of work.
But for starters I'd be happy with a translation of the qubes manager
and of application names in the qubes menu (e.g. "document viewer").
That is all my wife is going to see once I set her up a qubes machine.
Of course it is horrible to have an OS which is a mixture of two
languages. But translating the bits you deal with most often would aid
usability tremendously, wouldn't it?


I'd be ready to share a part of the translation work. One of the
questions is wether standard linux-messages could be "imported" from
other linux language-packs into qubes - to build a starting set. That
would solve the overwhelming part of the texts, to my belief: there is
not so much completely qubes-specific, is there??

Alles Gute, Bernhard

--
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/0036ac17-364b-cc6c-b5be-30e4fc7c323a%40web.de.

Re: Solved: [qubes-users] external CD writer

2020-05-04 Thread Olaf Klinke

On Sat, 2020-05-02 at 23:25 +0200, dhorf-hfref.4a288...@hashmail.org
wrote:
> On Sat, May 02, 2020 at 11:01:06PM +0200, Olaf Klinke wrote:
> 
> > I presume dom0 did not recognize the drive as a USB device and
> > hence
> > refuses to attach as such? `qvm-usb` yields the empty list. 
> 
> oh right, you just came full circle:
> attaching USB devices is not going to work without a usbVM.
> 
Where in the documentation is that stated? The manpage of qvm-device
does not mention this. The only hint is that all examples of qvm-usb in
the documentation show sys-usb as backend. 

> 
> > The only remaining question is: Did I buy a shitty drive or will
> > any
> > external CD writer behave this way? 
> 
> no, you just dont have your qubes setup properly.
> once you have a sys-usb ... qvm-usb should work just fine.
> 
> for how to do that: see other thread. :P 
> 
> 
> 
Okay, so let me try to get this straight, for the record. 

1. USB generally is bad, it should be avoided or contained.
2. Putting the USB keyboard into one container together with other
untrusted USB devices is even worse, since whoever controls your
keyboard, controls your computer.
3. Putting the USB keyboard in a qube can and has locked users out of
their systems. 
4. If possible, keep the input devices (and only those) attached to
dom0 while attaching all others to sys-usb. 

Luckily I seem to have two USB controllers for my peripheral USB ports,
so I can easily separate input- from other USB-devices. Is (4)
possible/recommended? The documentation shows how to hide _all_ USB
controllers from dom0, so I assume one can also choose to hide _some_. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/6cae63d2e9b9ca2d08c44b1ed57ba8012cf2154c.camel%40aatal-apotheke.de.

Re: Antw: [EXT] [qubes-users] To the Qubes developers (German translation) - An die Qubes Entwickler (Übersetzung auf Deutsch)

2020-05-04 Thread Olaf Klinke

On Mon, 2020-05-04 at 21:38 +0200, Ulrich Windl wrote:
> > > > Caroline Villinger  schrieb am
> > > > 03.05.2020 um
> 08:11 in Nachricht
> <
> 13676_1588486297_5EAE6099_13676_409_1_4a35faa1-f58a-4d47-9818-a852c0f07612@goog
> egroups.com>:
> > Hello dear Qubes developers,
> > 
> > I would like to ask you whether we can translate the Qubes software
> > into 
> > German.
> > Would you be willing to give us all the files we need for the
> > translation?
> > When we are done with the translation, we would send you the German
> > version
> > so that you can install it in the Qubes software.
> > This means that the user can choose whether he wants to install the
> > German 
> > language or the English language when installing new software.
> > 
> > If you agree, it would be very nice if you could give us an answer.
> 
> Those who are old enough might remember the "LST" (Linux Support
> Team) efforts
> of translating all Linux kernel messages to German. AFAIK they gave
> up long
> ago. Most likely because it's a _huge_ amount of work that needs
> updates every
> release.
> Likewise for Qubes: My guess is that you need something like 5000
> hours of
> work, and you can be sure: The task cannot be automated.
> For example there are different English words that map to the same
> German
> word, and two different German works may map to the same English
> word.

... and it would be fun finding out what the fixed points of those
translations are. 

I agree that a full translation would be an awful lot of work. 
But for starters I'd be happy with a translation of the qubes manager
and of application names in the qubes menu (e.g. "document viewer").
That is all my wife is going to see once I set her up a qubes machine.
Of course it is horrible to have an OS which is a mixture of two
languages. But translating the bits you deal with most often would aid
usability tremendously, wouldn't it? 

Olaf

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/d1e6a5294fdf05ca6de0adbc64dc00c0413d9473.camel%40aatal-apotheke.de.

Re: [qubes-users] Re: Fedora 30 approaching EOL, Fedora 31 TemplateVM available, Fedora 32 TemplateVM in testing

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Mon, May 04, 2020 at 03:30:05PM -0500, Sven Semmler wrote:
> On Sat, May 02, 2020 at 10:23:45AM +0200, Olaf Klinke wrote:
> > usb until I am more familiar with the inner workings of Qubes OS. If it
> > was really unrisky and straightforward scripting, why did the Qubes OS
> > installer not offer this choice, let alone just do it? 
> 
> The installer does offer the option, it simply isn't selected by
> default. 

I see now, this was in relation to the USB keyboard specifically. I
think at some point the idea was that Qubes would be primarily used with
laptops (having internal keyboards). But it would certainly be nice if
someone had the skills and time to improve the installer in this regard.
I fear though that's non-trivial.

/Sven

- -- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl6wfGgACgkQ2m4We49U
H7ZbHBAAvoQtAGPCJHMO6knT4ltDPPXfq8zi8eYMV4MWBTRejyr9fs5djYkJCygA
JW98goa07NGC07aUGf5Dw4lLO/V1ZAxHYNmzK0VUasksADTz7B7nriUpqihaQS9z
vzG5iJIs5GEVDlx54UxV7RM3Jspy4o1R/55sOd6oyGHVHd9x2lnvoDct+vsXFgXX
6XyyvXKEQdzzPjwFui4nx949uZHxFEPxXYGvwnb9K8bIiWuyBe70Y+DQaVASV352
Pa1CySN9ebtTKzlQemeJxkdne2V3HpoqvrfisUQawOyPeN6pdnDCMDLlAt+7HZpF
f4kqd589gTFKO4hEWlxOhQBbcnjWuPOUyEQ7HVw0xWkuiJ7rYlyiXwJFt9KTJL4s
0KcQmS6+cgyHJy8A7jDIMw9XZm8M1H60CP7yXNzXxKmQ3Fl76H9TH1whAY09KLYl
y5psgpiyvDhFpGlfEzaGN4gy53t6Tj4rBC7Q8R2zw8HSZDAlulWM0cO5icla5lBs
csU6GKYATY2VNSQPq6J0MBR6AcWghudYBZxCgjiujpkjQF7JyLBIQVdUKMrMiC9/
03Md9NZWA4CwTf8Ehens7mWLSnr7Pu2FRaHnnpPurxlpCeDR0Na7dmMmnT827cb0
AcXLESmiRTrF/zT5DTWkGZPQLk1jUPesZAHPburE8B2U8hBS5q4=
=t0Zh
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200504203445.GB1474%40app-email-private.

Re: [qubes-users] Re: Fedora 30 approaching EOL, Fedora 31 TemplateVM available, Fedora 32 TemplateVM in testing

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On Sat, May 02, 2020 at 10:23:45AM +0200, Olaf Klinke wrote:
> Hearing this, I will postpone following dhorf's advice to create a sys-
> usb until I am more familiar with the inner workings of Qubes OS. If it
> was really unrisky and straightforward scripting, why did the Qubes OS
> installer not offer this choice, let alone just do it? 

The installer does offer the option, it simply isn't selected by
default. After reading and understanding this page in its entirety
you should be fine:

https://www.qubes-os.org/doc/usb-qubes/

/Sven

- -- 
 public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6

-BEGIN PGP SIGNATURE-

iQIzBAEBCgAdFiEE18ry22WNibwI1qeq2m4We49UH7YFAl6we1EACgkQ2m4We49U
H7YPzw//Z1jEG3abV31dz84hkqB1lfNHTB4ZN0MUnkV9bInfVbzZTYHPt3jtqFrw
CAZOD21JMntKcSHJTNuMn7WBSf/2WXuqWLrTazbHpYzZSCLUULHVK9FNcnboF8WH
DI4cQ9F4g2m4Ig1NIuNeJ52TXr1/ZyWR9nMGsMSEoAtrY0zN6TgjuKvjujrtFdPQ
1NfrQ9H3gAq4e54qpEmeINsmfX485dTOxw7OCIFi+7Yq7Ltmm57v9PCn30povq2W
kwx5sK5iH6pBSepcZtRGN7qeiTizzOnI5PHDqTTA0FmArK/etVuYWawRiJuxuEFt
yHLStNIHwJSCacEKVm4XID0m+nf1eb69gWaDztv2ENVcEPHHLkpKt393JgKE6w81
CTjj5ZkG2zI7pUyYpDddnmgAu8YKGmo4XjQivZLds8FFN074+v1AIbE7kAaHLBju
y8hk9gUxt3lRHboZB1vz+IwE56qVUOtWp1WHxsSjXG6uXa/n+WLmQ4idOqT5cfWn
L0NveKvvgHnEkZ/vrRKlGw4R/Tohv3nGaMj9XQn3BO/0bHzFASrJWDUZh/wMpWcg
MfqtfNyHyUZYYUQnRcyWcDmFJ1xppybJxVJXBOcnayp7ce/r4CVkL90fZoozs3UF
PchF2v661eFl2qu2ymFWjToKAgAUWtvrwiKzlWXBmuivw03eOBU=
=4ouS
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200504203005.GA1474%40app-email-private.

Re: [qubes-users] Removing Template VMs?

2020-05-04 Thread dhorf-hfref . 4a288f10

On Mon, May 04, 2020 at 12:28:27PM -0700, viktor.ransm...@gmail.com wrote:
> If I'd like to remove any old & **unused** Template VMs (e.g. Debian 9, 
> Fedora 29, etc.) all I have to do is to start the Qubes Manager, select the 
> template I'd like to remove - and - select 'Delete qube' ...

this should not work for templates that were installed by rpm.
you will have to use "rpm -e qubes-template-fedora-23" (or similar).
this will also require you clean up anything depending on these
templates first, like switching all VMs using them to something else,
removing related dvm templates ... 

i recommend to keep your one-generation-outdated mainline-template
around (even if it is EOL) if you can spare the diskspace. 
if you manage to wreck your new mainline template some way, it is
easier to recover from that with an outdated than with no template.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200504202508.GG987%40priv-mua.

Re: Antw: [EXT] Re: [qubes-users] Contradictory measures of disk space in a VM

2020-05-04 Thread dhorf-hfref . 4a288f10

On Mon, May 04, 2020 at 09:12:59PM +0200, Ulrich Windl wrote:
> Is it possible to set a flag that makes fsck do a full filesystem
> check on the next boot?
> Havent found one for ext3...

use tune2fs to set the current-mountcount (-C) to something bigger
than the max-mountcount (check with -l, adjust with -c).
reading the tune2fs documentation is recommended before use.


> If the fs tools don't have that feature (yet), maybe it could be build
> into initrd (some flag just causes a full fsck to be performed before
> the fileystems are mounted (read-write).

they do. how to trigger it depends on your initrd.
reading the distro specific initrd documentation is recommended.




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200504201917.GF987%40priv-mua.

Antw: [EXT] Re: [qubes-users] Constant firefox crashes because of Qubes shared memory

>>> Zbigniew Lukasiak  schrieb am 04.05.2020 um 14:34 in
Nachricht
<25184_1588595663_5EB00BCE_25184_83_1_CAGL_UUtUxkCeqF2xj8Fud5Fwj7dfT5GanOYhxmRx6
sonby...@mail.gmail.com>:
> marmarek advised me on irc to add more shared memory:
> 
> mount /dev/shm -o remount,size=10G
> 
> and it seems to work. 10G is close to half of that VM's RAM. Qubes was
> assigning only 1G previously.

Personally I think once your browser uses more than 1GB of memory, it's time
to restart it or to restrict scripts from collecting so much information in
RAM.

> 
> Cheers,
> Zbigniew
> 
> 
> 
> 
> On Mon, Apr 27, 2020 at 9:19 PM Zbigniew Łukasiak  wrote:
>>
>> I am running fedora-30 in an App-VM (not disposable) and I also
>> experience the crashes. Not only Firefox, Opera also crashes, while
>> Slack app and Thunderbird which also run all the time don't.  I
>> thought this is because of not enough RAM - but out of frustration I
>> assigned 23GB to that machine and it did not help, also top reports
>> 10GB free memory now.
>>
>> In the past I also used Debian and I had those crashes too.
>>
>> --
>> ZŁ
>>
>>
>> On Mon, Apr 27, 2020 at 1:44 PM donoban  wrote:
>> >
>> > -BEGIN PGP SIGNED MESSAGE-
>> > Hash: SHA256
>> >
>> > On 2020-04-25 03:00, Guerlan wrote:
>> > > I started having constant firefox crashes on my debian9 Qube. I
>> > > sent the crash reports to firefox and the said that the problem
>> > > occurs because of the shared memory configuration of Qubes, but he
>> > > don't know how it's configured.
>> > >
>> > > Can somebody help me fixing this? How can I enlarge the shared
>> > > memory?
>> > >
>> >
>> > I am running fedora-30 and never had this kind of crash with firefox.
>> > My AppVms mostly have default 400MB/4000MB and some even less max
>> > limit. Maybe is it related to debian-9? Could you test debian-10?
>> > -BEGIN PGP SIGNATURE-
>> >
>> > iQIzBAEBCAAdFiEEznLCgPSfWTT+LPrmFBMQ2OPtCKUFAl6mxaUACgkQFBMQ2OPt
>> > CKWONg/8DxzS1fwOIBIbCarULt8buq7tAtFa5pl6gUF2sL9hn6Uboz53TJsf1e8g
>> > N75pqb5JjFRaZTf2gGwYkTeAo/HFyWxdEZWRprmWcW/0iLHaB86KzxDRXDaREmEs
>> > AWtZTbH7u6lTBx2U3YhPlW3YvBArMeqvdVY3SRIEk3Dl8c/snzMlQ0BQRwAazhmH
>> > IoRy2jeSAEvG0U0CXbEdxRmqt5ck9mFCndPZTfCxPoBup02B1QhwjfMZmCh14F0/
>> > zHaUZrHszUtVq5iAj6qe2x/PjY5NsAa15cOlM8I1h672vMxEJdv0WzWEYSdwhzEb
>> > i6p/NwtsoeI35DJInedbAk+Z7gTypanqSU23dS9Y77ox7OY+MPuSd+OMNRm+RSl7
>> > 7EVJo+ABg2SoUiX1ESb8Py4zH1jF0EFFOraPbr/N9QppgWVblVBXkW8hAbgwJk6t
>> > UoZJo0lHGbDHMj7TTfaU1nhvfwOmoYfiq/oTbs/+mamztUwYjI+jryOOBH+3JgXv
>> > MreOm0YH0jsLTMwjVfmxv4zmaSoA7mTwt6gCOpoamq4j9P3onVNgMmo0xcvmTxV0
>> > ReT5BPB1bASPH0vC7Kw+lfZndK/gYrptWAYjuw2Fo/jsh8z4zMUv9ppGe6TFu5kO
>> > mnVCBrjP5/ljNtGSYvxUNdzI7L7f3Wn3kOJTcfQfilTyzcdosGk=
>> > =+tb9
>> > -END PGP SIGNATURE-
>> >
>> > --
>> > You received this message because you are subscribed to the Google Groups

> "qubes-users" group.
>> > To unsubscribe from this group and stop receiving emails from it, send an

> email to qubes-users+unsubscr...@googlegroups.com.
>> > To view this discussion on the web visit 
>
https://groups.google.com/d/msgid/qubes-users/1670d4bb-ea5b-0ea3-f72e-4284eff

> 9b521%40riseup.net.
>>
>>
>>
>> --
>> Zbigniew Lukasiak
>> https://medium.com/@zby 
>> http://brudnopis.blogspot.com/ 
> 
> 
> 
> -- 
> Zbigniew Lukasiak
> https://medium.com/@zby 
> http://brudnopis.blogspot.com/ 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
>
https://groups.google.com/d/msgid/qubes-users/CAGL_UUtUxkCeqF2xj8Fud5Fwj7dfT5

> GanOYhxmRx6ESonBy3FA%40mail.gmail.com.



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5EB0743A02A100038B97%40gwsmtp.uni-regensburg.de.

Antw: [EXT] Re: [qubes-users] Re: disp-vm whonix torbrowser open tabs file?

>>> Catacombs  schrieb am 04.05.2020 um 14:18 in Nachricht
<24740_1588594718_5EB0081D_24740_209_1_e4ab08ee-0ed4-4089-9427-86850a35c9ea@goog
egroups.com>:

> ”l have a whonix disposable tor browser whonix vm running with a load of 
> tabs open, maybe 30 but I can't check the precise amount because the tabs 
> don't scroll anymore. “
> 
> 
> Consider creating a clone of Whonix Template QUBE,  make all your Tabs 
> Favorites.  Used to be an option in Firefox to open all favorites.  Or there

> is an option of what to start when starting Firefox.  
> Save this template clone for the specific use of having this group of Tabs a

> a available all at once. 
> 
> ”The browser hangs.” Perhaps increase the memory allocation for the QUBE 
> that has all the Tabs
> 
> “As soon as I close the browser my tabs will be gone and I don't like to 
> lose them. 
> I think there must be a session.json file but that seems to be created only

> when the browser closes, and this will close the VM automatically, so even
if 
> a restore file with tabs in it is created, it will be gone upon closure of 
> the browser.
> I can access the file system from within dom0 and could copy any file that I

> need.
> 
> Is there any place where whonix tor browser stores its currently open tabs?


I think (at least for Firefox) there must be a place where open tabs are
stored, because when the machine crashes, Firefox can recover the last session
automatically. The other idea I had is the history: Shouldn't all tabs be
present in the history, too? OK, if the browser is hanging, it might not help.
Did you try to open a terminal for the same DVM (via cubes manager on the VM)?
If so, you could try to find out what's going on with the browser (like:
"free", "top", etc.). My guess is lack of memory.

> 
> Thanks ahead.
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
>
https://groups.google.com/d/msgid/qubes-users/e4ab08ee-0ed4-4089-9427-86850a3

> 5c9ea%40googlegroups.com.



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5EB0739302A100038B92%40gwsmtp.uni-regensburg.de.

Antw: [EXT] [qubes-users] Re: Erste deutsche Rezension von Qubes OS auf Youtube

>>> GWeck  schrieb am 04.05.2020 um 14:04 in Nachricht
<22855_1588593848_5EB004B7_22855_343_1_8c98f91b-eec7-465e-8b1d-381ad2ea9717@goog
egroups.com>:

> 
> A rather good first introduction to the basic concepts of Qubes OS! I hope 
> this helps spreading the word about Qubes in the DACH countries.
> 
> In Germany, we desparately need  a secure basis for IT in many areas where 
> government and firms currently are using Windows - contrary to privacy 
> protection laws, and contrary to common sense - see Emotet.

Sorry, the problem with Windows is that it was designed for stupid people, just 
to sell more copies. I severely doubt you can convince the typical Windows user 
to use QubesOS for daily work. "Security" is not a product you can buy, and 
"security" is the " is the opposite of "comfort". People want comfort not 
security. Why else would they use Alexa or Google assistant or Siri, dubious 
password managers, etc.?

> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/8c98f91b-eec7-465e-8b1d-381ad2e 
> a9717%40googlegroups.com.




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5EB0720702A100038B8D%40gwsmtp.uni-regensburg.de.

Antw: [EXT] [qubes-users] To the Qubes developers (German translation) - An die Qubes Entwickler (Übersetzung auf Deutsch)

>>> Caroline Villinger  schrieb am 03.05.2020 um
08:11 in Nachricht
<13676_1588486297_5EAE6099_13676_409_1_4a35faa1-f58a-4d47-9818-a852c0f07612@goog
egroups.com>:
> Hello dear Qubes developers,
> 
> I would like to ask you whether we can translate the Qubes software into 
> German.
> Would you be willing to give us all the files we need for the translation?
> When we are done with the translation, we would send you the German version

> so that you can install it in the Qubes software.
> This means that the user can choose whether he wants to install the German 
> language or the English language when installing new software.
> 
> If you agree, it would be very nice if you could give us an answer.

Those who are old enough might remember the "LST" (Linux Support Team) efforts
of translating all Linux kernel messages to German. AFAIK they gave up long
ago. Most likely because it's a _huge_ amount of work that needs updates every
release.
Likewise for Qubes: My guess is that you need something like 5000 hours of
work, and you can be sure: The task cannot be automated.
For example there are different English words that map to the same German
word, and two different German works may map to the same English word.

> 
> greeting
> Erwin
> 
> 
> 
> 
> 
> 
> Hallo liebe Qubes Entwickler,
> 
> ich möchte euch fragen, ob wir die Software Qubes in deutsche Sprache 
> übersetzen können.
> Wärst du bereit uns alle Dateien zu geben, die wir für die Übersetzung 
> benötigen?
> Wenn wir fertig sind, mit der Übersetzung würden wir dir die deutsche 
> Version zusenden, so dass Ihr es in der Qubes Software mit einbauen könnt.
> Somit kann der User bei neu Installation wählen, ob er die deutsche Sprache

> oder die englische Sprache installieren möchte.
> 
> Wenn du damit einverstanden bist, wäre es sehr schön, wenn du uns eine 
> Antwort geben kannst.
> 
> Gruß
> Erwin
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
>
https://groups.google.com/d/msgid/qubes-users/4a35faa1-f58a-4d47-9818-a852c0f

> 07612%40googlegroups.com.



-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5EB06F1B02A100038B88%40gwsmtp.uni-regensburg.de.

[qubes-users] Removing Template VMs?

2020-05-04 Thread viktor . ransmayr

Hello community,

If I'd like to remove any old & **unused** Template VMs (e.g. Debian 9, 
Fedora 29, etc.) all I have to do is to start the Qubes Manager, select the 
template I'd like to remove - and - select 'Delete qube' ...

Is this approach OK - or - am I missing something?


With kind regards,

VR

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a6ef732a-6866-4dad-b378-532643235454%40googlegroups.com.

Antw: [EXT] Re: [qubes-users] Contradictory measures of disk space in a VM

>>> Franz <169...@gmail.com> schrieb am 29.04.2020 um 20:10 in Nachricht
<12446_1588183865_5EA9C338_12446_12_1_CAPzH-qB-p_Q3kCn7kGUE8F4=Bsn4mPPrmU-w76NO0
2l7fy...@mail.gmail.com>:
> Dear Dhorf,
> I tried fsck on dom0, but got the enclosed terror screen.
> For me it is enough, I created a new VM, copied content of the old
> corrupted one to the new one. Everything works and do not afford to do more
> because it is too complicated for  my little mind.
> But i want to thank you, with your help I understood were the problem is
> and for the future I'll avoid to chenge size of a running VM. I understand
> it can theoretically be done, but it does not work for me. On the other
> hand, it works if the VM is not running.
> So thanks Dhorf I appreciate the time you devote for me

Hi!

While I'd be able to perform the needed fsck, I wonder:
Is it possible to set a flag that makes fsck do a full filesystem check on the 
next boot?
Havent found one for ext3...

If the fs tools don't have that feature (yet), maybe it could be build into 
initrd (some flag just causes a full fsck to be performed before the fileystems 
are mounted (read-write).

Regards,
Ulrich


> 
> On Wed, Apr 29, 2020 at 9:42 AM  wrote:
> 
>> On Wed, Apr 29, 2020 at 08:11:37AM -0300, Franz wrote:
>>
>> > Did it with Fedora 30, but with exactly the same result
>> > But checking other VMs I am getting the same error on some of them :((
>> > So this is a widespread problem.
>>
>> did you try to google your problem?
>> because at this point it is starting to look less of a qubes problem,
>> and more like generic filesystem damage.
>>
>> fsck+repair the volume, then resize it.
>> consult the documentation of your favorite distro template on how
>> to do this inside the vm.
>> you may have to connect to the vm through "xl console" in dom0.
>>
>> or spawn a fsck-vm, and temporarily attach the volumes to that.
>> https://www.qubes-os.org/doc/mount-lvm-image/ 
>>
>> or just fsck+resize from dom0 if you consider the risk of something
>> exploiting e2fstools through this acceptable.
>>
>>
>>
>> > May it be that this is caused by running Qubes manager / vm settings/
>> > increase private size  when the VM is running? Sometimes I get an error
>> on
>> > that. It may be that this creates a problem that cannot be removed.
>>
>> no, online resize is completely normal and supported.
>>
>>
>>
>>
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "qubes-users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to qubes-users+unsubscr...@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/qubes-users/CAPzH-qB-p_Q3kCn7kGUE8F4%3DBsn4 
> mPPrmU-w76NO0B2L7fYFaQ%40mail.gmail.com.




-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/5EB0693B02A100038B7E%40gwsmtp.uni-regensburg.de.

Re: [qubes-users] Dividing Qubes Into Separate Networks (FAILED)

2020-05-04 Thread 'Zsolt Bicskey' via qubes-users

> You seem to have taken offence at a comment not made by me.
My bad. I lost track who said what. 


> Now we know that Fedora live connects to the VLAN port - what
> configuration was required? (I leave open the possibility that > Fedora
> live implements some autoconfiguration not included in the basic Fedora 
> template)
No configuration was required. On DHCP it just automatically worked. I switched 
over to manual config, assigned a different IP and once again it just worked. I 
copied the config file out from th network scripts and tried implementing the 
same on the pentest-gw

> Have you made the same configuration in your pentest-gw?
I tried the same settings  in the pentests-gw that I gaterhered from the 
liveboot and made no difference. 


> What do the logs say? (In Qubes and on switch.)
SWITCH LOGS:
May  4 14:56:25 UBNT daemon.notice switch: TRAPMGR: Link Up: 0/6
May  4 14:56:25 UBNT daemon.info switch: DOT1S: Port (6) inst(0) role changing 
from ROLE_DISABLED to ROLE_DESIGNATED

PENTEST-GW LOGS: 

May 04 14:55:46 pentest-gw systemd[559]: Started Mark boot as successful after 
the user session has run 2 minutes.
May 04 14:55:46 pentest-gw systemd[559]: Reached target Paths.
May 04 14:55:46 pentest-gw systemd[559]: Reached target Timers.
May 04 14:55:46 pentest-gw systemd[559]: Starting D-Bus User Message Bus Socket.
May 04 14:55:46 pentest-gw systemd[559]: Listening on Multimedia System.
May 04 14:55:46 pentest-gw systemd[559]: Condition check resulted in Sound 
System being skipped.
May 04 14:55:46 pentest-gw systemd[559]: Listening on D-Bus User Message Bus 
Socket.
May 04 14:55:46 pentest-gw systemd[559]: Reached target Sockets.
May 04 14:55:46 pentest-gw systemd[559]: Reached target Basic System.
May 04 14:55:46 pentest-gw systemd[559]: Reached target Main User Target.
May 04 14:55:46 pentest-gw systemd[559]: Startup finished in 175ms.
May 04 14:55:48 pentest-gw systemd[559]: Starting D-Bus User Message Bus...
May 04 14:55:48 pentest-gw dbus-broker-launch[711]: Service file 
'/usr/share/dbus-1/services/org.gnome.evolution.dataserver.Calendar.service' is 
not named after the D-Bus name 'org.gnome.evolution.dataserver.Calendar8'.
May 04 14:55:48 pentest-gw dbus-broker-launch[711]: Service file 
'/usr/share/dbus-1/services/org.gnome.evolution.dataserver.AddressBook.service' 
is not named after the D-Bus name 
'org.gnome.evolution.dataserver.AddressBook10'.
May 04 14:55:48 pentest-gw dbus-broker-launch[711]: Service file 
'/usr/share/dbus-1/services/org.gnome.evolution.dataserver.UserPrompter.service'
 is not named after the D-Bus name 
'org.gnome.evolution.dataserver.UserPrompter0'.
May 04 14:55:48 pentest-gw dbus-broker-launch[711]: Service file 
'/usr/share/dbus-1/services/org.freedesktop.mate.Notifications.service' is not 
named after the D-Bus name 'org.freedesktop.Notifications'.
May 04 14:55:48 pentest-gw dbus-broker-launch[711]: Service file 
'/usr/share/dbus-1/services/org.gnome.evolution.dataserver.Sources.service' is 
not named after the D-Bus name 'org.gnome.evolution.dataserver.Sources5'.
May 04 14:55:48 pentest-gw dbus-broker-launch[711]: Policy to allow 
eavesdropping in /usr/share/dbus-1/session.conf +31: Eavesdropping is 
deprecated and ignored
May 04 14:55:48 pentest-gw dbus-broker-launch[711]: Policy to allow 
eavesdropping in /usr/share/dbus-1/session.conf +33: Eavesdropping is 
deprecated and ignored
May 04 14:55:48 pentest-gw systemd[559]: Started D-Bus User Message Bus.
May 04 14:55:48 pentest-gw dbus-broker-lau[711]: Ready
May 04 14:55:48 pentest-gw systemd[559]: Starting Tracker metadata database 
store and lookup manager...
May 04 14:55:48 pentest-gw systemd[559]: Starting Virtual filesystem service...
May 04 14:55:48 pentest-gw systemd[559]: Started Virtual filesystem service.
May 04 14:55:48 pentest-gw systemd[559]: Started Tracker metadata database 
store and lookup manager.
May 04 14:55:48 pentest-gw systemd[559]: Created slice 
dbus\x2d:1.2\x2dca.desrt.dconf.slice.
May 04 14:55:48 pentest-gw systemd[559]: Started 
dbus-:1.2-ca.desrt.dconf@0.service.
May 04 14:55:48 pentest-gw pulseaudio[729]: vchan module loading
May 04 14:55:48 pentest-gw pulseaudio[729]: using domid: 0
May 04 14:55:48 pentest-gw pulseaudio[729]: play libvchan_fd_for_select=19, 
ctrl=0x57995005aa40
May 04 14:55:48 pentest-gw pulseaudio[729]: rec libvchan_fd_for_select=23, 
ctrl=0x57995005abe0
May 04 14:55:48 pentest-gw pulseaudio[729]: sink cork req state =1, now state=-2
May 04 14:55:48 pentest-gw pulseaudio[729]: source cork req state =1, now 
state=-2
May 04 14:55:48 pentest-gw pulseaudio[729]: module-rescue-stream is obsolete 
and should no longer be loaded. Please remove it from your configuration.
May 04 14:55:49 pentest-gw systemd[559]: Starting Accessibility services bus...
May 04 14:55:49 pentest-gw systemd[559]: Started Accessibility services bus.
May 04 14:55:49 pentest-gw at-spi-bus-launcher[816]: Policy to allow 
eavesdropping in /usr/share/defaults/at-spi2/accessibility.conf +15: 
E

Re: [qubes-users] How To Set Up Traffic Mirroring To Security Onion

2020-05-04 Thread 'Zsolt Bicskey' via qubes-users

Does anyone have some creative ideas how I could mirror all traffic on this 
subnet into the SecurityOnion HVM?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/u1duhVe3EcbDxwOOElvchdWDfAPGGz0iLk8xRxhyf5PdzM62Zt6_ZD-TgDz3jfQZFmCrZnLpQyYjsP415CUwaswc9hHFTq4DDSeMNctMVGc%3D%40protonmail.com.


publickey - letmereadit@protonmail.com - 0xEE010E73.asc
Description: application/pgp-keys


signature.asc
Description: OpenPGP digital signature

Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN

2020-05-04 Thread taran1s



Frank:
>>
>> unman:
 On Sun, May 03, 2020 at 08:01:59AM +, taran1s wrote:


>> What you have built (in packet terms) is:
>> me - Tor - VPN - target.
>>
>> What you seem to want is:
>> me - VPN - Tor - target
>>
>> To do that you need to build the VPN traffic and send it down a Tor
>> circuit.
>> Your Qubes network configuration should be:
>> client - VPN qube - Tor qube - sys-firewall - sys-net
>>
>> I have no idea if Whonix  will let you do this.
>>
>> unman
>>
>
> Ah, omg I see. I thought about it in regards of seeing other AppVMs like
> sys-whonix -> sys-firewall -> sys-net. I am not experienced in
> networking and so just followed the logic of whats first gets first. But
> now I see that packet wise, it is vice versa. It is a bit confusing for
> me, but if it is working, I will be more than happy :)
>
> So if I understand it properly, I set the networking of the AppVMs
> following way:
>
> anon-whonix -> VPN-AppVM -> sys-whonix -> clearnet. In this case I use
> tor first, exit from tor-exit-node to the VPN and than exit from VPN to
> clearnet. Am I right?
>

 I tried the setup, but in this case the the VPN proxy doesn't go to Link
 UP and TB in anon-whonix isn't connected to the internet. Any ideas?

 BTW I downloaded the default UDP setting package from mullvadVPN as
 Chris mentioned. I know that tor is using TCP only. Could this be an
 issue with this setup and I should get the TCP package instead of UDP?

>>> Yes. Your UDP traffic wont go through Tor.
>>> You need a TCP VPN to route through Tor.
>>>
>>> unman
>>>
>>
>> I downloaded the TCP port 443 (there is also TCP port 80?) file from
>> Mullvad and tried to go through, but the VPN Proxy AppVM cycles with
>> 'Ready to start link' only and never goes to the 'Link is UP'.
>>
>> Maybe there is something in the script from Chris that doesn't cooperate
>> with the whonix setup and something needs to be adjusted for this model
>> of connecting to VPN after Tor. But no idea what it could be.I am
>> unfortunately not able to check the script itself as I am not a programmer..
> 
> What exactly are you trying to accomplish with this kind of set-up? If you 
> want to stay anonymous, your connection through the VPN should accomplish 
> that already (if you make sure your browser doesn’t contain any information 
> that can be traced back to you) and if not (because you didn’t pay with 
> Bitcoin or cash and there is a possible paper-trail back to your person from 
> your mullvad VPN account number) then using it through Tor doesn’t help 
> either.
> 
> Maybe I am missing something here and I would love to be enlightened if that 
> is the case...
> 
> Regards, Frank
> 


As I mentioned, I would like to use Tor before VPN to be able to connect
to the tor-unfriendly services like kraken.com. VPN itself is not
anonymous and so connect to the VPN from the Tor exit node helps.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e0d02f08-f3ea-1eea-db71-edf8ff2598dd%40mailbox.org.


0xA664B90BD3BE59B3.asc
Description: application/pgp-keys

[qubes-users] disp vm template not working in fedora 31

2020-05-04 Thread galthopimap

Hello, I hope someone can help with this.

I have a modified fedora 31 template which I want to use as a disposable VM.

I have done this:

Created a app vm called my-dvm based on my-f31-template using the qubes 
manager

In the dom0 terminal:

qvm-prefs my-dvm template_for_dispvms True
qvm-features my-dvm appmenus-dispvm 1


There are no error messages but I dont get the 'Disposable' entries in the 
start button menu. So I did this:

qvm-appmenus --update --force my-dvm

my-dvm: Creating appmenus
Traceback (most recent call last):
  File "/usr/bin/qvm-appmenus", line 9, in 
load_entry_point('qubesdesktop==4.0.20', 'console_scripts', 
'qvm-appmenus')()
  File "/usr/lib/python3.5/site-packages/qubesappmenus/__init__.py", line 
644, in main
appmenus.appmenus_update(vm, force=args.force)
  File "/usr/lib/python3.5/site-packages/qubesappmenus/__init__.py", line 
541, in appmenus_update
self.appmenus_create(vm, force=force, refresh_cache=False)
  File "/usr/lib/python3.5/site-packages/qubesappmenus/__init__.py", line 
256, in appmenus_create
dispvm):
  File "/usr/lib/python3.5/site-packages/qubesappmenus/__init__.py", line 
140, in write_desktop_file
raise DispvmNotSupportedError()
qubesappmenus.DispvmNotSupportedError: Creating Disposable VM menu entries 
not supported by this template


How can I fix this?

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/2e613fe0-682d-4548-b138-a5012752372a%40googlegroups.com.

[qubes-users] Arch Linux templates and repo

Evening all,

It's possible to build arch templates using qubes builder. Simply select
archlinux as a target in ./setup, run make get-sources, make qubes-vm, and
make template.

If you are not sure about building for yourself, or don't have time,
I've decided to make pre-built arch templates available, as well as
hosting arch repositories.
You can download the pre-built template from https://qubes.3isec.org/Templates

All my templates, packages and repositories are signed with
my Qubes Signing key - you can get this from any keyserver. You
should check this against other sources - the Qubes-Users mailing list,
[GitHub](https://github.com/unman/unman/blob/master/gpg-keys.asc), maybe another
keyserver over Tor.

You should do something like this, in a Fedora disposableVM:
Download the arch template from https://qubes.3isec.org/Templates

Once you have downloaded and confirmed my "Qubes OS signing key", add it to
your rpm keyring:
`sudo rpm --import `

Check the signature on the template:
`rpm -K `
If all is well you will see "digests signatures OK"

Once you are satisfied, install the Template.
To do this you will need to copy it to dom0. In dom0 run:
`qvm-run -p 'cat ' > archtemplate`

Then install, in dom0 :
`sudo dnf install archtemplate`

I'll be hosting an arch repository with packages for 4.0 and 4.1, but
it's not completed testing yet.
I'll let you know when it's ready for use, probably tomorrow.

Bear in mind that using these templates and packages, you trust me to
do the right thing.
Naturally, anyone can inspect the contents of the template package, the
installed template, and qubes packages, to check that all is fine.

cheers

unman

Re: [qubes-users] Constant firefox crashes because of Qubes shared memory

2020-05-04 Thread Zbigniew Łukasiak

marmarek advised me on irc to add more shared memory:

mount /dev/shm -o remount,size=10G

and it seems to work. 10G is close to half of that VM's RAM. Qubes was
assigning only 1G previously.

Cheers,
Zbigniew




On Mon, Apr 27, 2020 at 9:19 PM Zbigniew Łukasiak  wrote:
>
> I am running fedora-30 in an App-VM (not disposable) and I also
> experience the crashes. Not only Firefox, Opera also crashes, while
> Slack app and Thunderbird which also run all the time don't.  I
> thought this is because of not enough RAM - but out of frustration I
> assigned 23GB to that machine and it did not help, also top reports
> 10GB free memory now.
>
> In the past I also used Debian and I had those crashes too.
>
> --
> ZŁ
>
>
> On Mon, Apr 27, 2020 at 1:44 PM donoban  wrote:
> >
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > On 2020-04-25 03:00, Guerlan wrote:
> > > I started having constant firefox crashes on my debian9 Qube. I
> > > sent the crash reports to firefox and the said that the problem
> > > occurs because of the shared memory configuration of Qubes, but he
> > > don't know how it's configured.
> > >
> > > Can somebody help me fixing this? How can I enlarge the shared
> > > memory?
> > >
> >
> > I am running fedora-30 and never had this kind of crash with firefox.
> > My AppVms mostly have default 400MB/4000MB and some even less max
> > limit. Maybe is it related to debian-9? Could you test debian-10?
> > -BEGIN PGP SIGNATURE-
> >
> > iQIzBAEBCAAdFiEEznLCgPSfWTT+LPrmFBMQ2OPtCKUFAl6mxaUACgkQFBMQ2OPt
> > CKWONg/8DxzS1fwOIBIbCarULt8buq7tAtFa5pl6gUF2sL9hn6Uboz53TJsf1e8g
> > N75pqb5JjFRaZTf2gGwYkTeAo/HFyWxdEZWRprmWcW/0iLHaB86KzxDRXDaREmEs
> > AWtZTbH7u6lTBx2U3YhPlW3YvBArMeqvdVY3SRIEk3Dl8c/snzMlQ0BQRwAazhmH
> > IoRy2jeSAEvG0U0CXbEdxRmqt5ck9mFCndPZTfCxPoBup02B1QhwjfMZmCh14F0/
> > zHaUZrHszUtVq5iAj6qe2x/PjY5NsAa15cOlM8I1h672vMxEJdv0WzWEYSdwhzEb
> > i6p/NwtsoeI35DJInedbAk+Z7gTypanqSU23dS9Y77ox7OY+MPuSd+OMNRm+RSl7
> > 7EVJo+ABg2SoUiX1ESb8Py4zH1jF0EFFOraPbr/N9QppgWVblVBXkW8hAbgwJk6t
> > UoZJo0lHGbDHMj7TTfaU1nhvfwOmoYfiq/oTbs/+mamztUwYjI+jryOOBH+3JgXv
> > MreOm0YH0jsLTMwjVfmxv4zmaSoA7mTwt6gCOpoamq4j9P3onVNgMmo0xcvmTxV0
> > ReT5BPB1bASPH0vC7Kw+lfZndK/gYrptWAYjuw2Fo/jsh8z4zMUv9ppGe6TFu5kO
> > mnVCBrjP5/ljNtGSYvxUNdzI7L7f3Wn3kOJTcfQfilTyzcdosGk=
> > =+tb9
> > -END PGP SIGNATURE-
> >
> > --
> > You received this message because you are subscribed to the Google Groups 
> > "qubes-users" group.
> > To unsubscribe from this group and stop receiving emails from it, send an 
> > email to qubes-users+unsubscr...@googlegroups.com.
> > To view this discussion on the web visit 
> > https://groups.google.com/d/msgid/qubes-users/1670d4bb-ea5b-0ea3-f72e-4284eff9b521%40riseup.net.
>
>
>
> --
> Zbigniew Lukasiak
> https://medium.com/@zby
> http://brudnopis.blogspot.com/



-- 
Zbigniew Lukasiak
https://medium.com/@zby
http://brudnopis.blogspot.com/

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/CAGL_UUtUxkCeqF2xj8Fud5Fwj7dfT5GanOYhxmRx6ESonBy3FA%40mail.gmail.com.

Re: [qubes-users] Re: disp-vm whonix torbrowser open tabs file?

2020-05-04 Thread Catacombs


”l have a whonix disposable tor browser whonix vm running with a load of tabs 
open, maybe 30 but I can't check the precise amount because the tabs don't 
scroll anymore. “


Consider creating a clone of Whonix Template QUBE,  make all your Tabs 
Favorites.  Used to be an option in Firefox to open all favorites.  Or there is 
an option of what to start when starting Firefox.  
Save this template clone for the specific use of having this group of Tabs a a 
available all at once. 

”The browser hangs.” Perhaps increase the memory allocation for the QUBE that 
has all the Tabs

“As soon as I close the browser my tabs will be gone and I don't like to lose 
them. 
I think there must be a session.json file but that seems to be created only 
when the browser closes, and this will close the VM automatically, so even if a 
restore file with tabs in it is created, it will be gone upon closure of the 
browser.
I can access the file system from within dom0 and could copy any file that I 
need.

Is there any place where whonix tor browser stores its currently open tabs? 

Thanks ahead.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e4ab08ee-0ed4-4089-9427-86850a35c9ea%40googlegroups.com.

[qubes-users] Re: Erste deutsche Rezension von Qubes OS auf Youtube

2020-05-04 Thread GWeck



A rather good first introduction to the basic concepts of Qubes OS! I hope 
this helps spreading the word about Qubes in the DACH countries.

In Germany, we desparately need  a secure basis for IT in many areas where 
government and firms currently are using Windows - contrary to privacy 
protection laws, and contrary to common sense - see Emotet.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/8c98f91b-eec7-465e-8b1d-381ad2ea9717%40googlegroups.com.

Re: [qubes-users] Re: disp-vm whonix torbrowser open tabs file?

On Mon, May 04, 2020 at 12:32:39PM +0100, unman wrote:
> On Sun, May 03, 2020 at 11:35:21PM -0700, list.w...@gmail.com wrote:
> > Actually, I guess it would be fine if there would be a procedure with which 
> > I can close down the disposable browser without the disp-vm automatically 
> > closing.
> > Then there will, probably, be a session.json file made which I then can 
> > copy to another VM.
> > 
> > 
> > 
> > 
> > On Monday, May 4, 2020 at 2:30:31 AM UTC, list...@gmail.com wrote:
> > >
> > > Hello qubes users, 
> > >
> > > I have a whonix disposable tor browser whonix vm running with a load of 
> > > tabs open, maybe 30 but I can't check the precise amount because the tabs 
> > > don't scroll anymore. 
> > > The browser hangs.
> > > As soon as I close the browser my tabs will be gone and I don't like to 
> > > lose them. 
> > > I think there must be a session.json file but that seems to be created 
> > > only when the browser closes, and this will close the VM automatically, 
> > > so 
> > > even if a restore file with tabs in it is created, it will be gone upon 
> > > closure of the browser.
> > > I can access the file system from within dom0 and could copy any file 
> > > that 
> > > I need.
> > >
> > > Is there any place where whonix tor browser stores its *currently open* 
> > > *tabs*? 
> > >
> > > Thanks ahead.
> > >
> 
> The convention here is not to top-post.
> Please scroll to the bottom of the message before you start typing. Or
> reply inline.
> It only takes you seconds, makes it much easier to follow threads, and
> cumulatively saves your fellow users hours.
> Thanks.
> 
> In FF, I think that the data is in sessionstore-backups. Have a look
> there.
> You may do better asking on the Whonix lists, as I believe they
> customize the TBB somewhat.
> 
> unman
> 

Actually, since TBB wont remember history or site data, I dont think
that data is stored anywhere. (Unless i misremember, the Update reloads
open tabs, not by reading from existing stored data, but by storing that
data itself.)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200504115832.GE29542%40thirdeyesecurity.org.

Re: [qubes-users] Re: disp-vm whonix torbrowser open tabs file?

On Sun, May 03, 2020 at 11:35:21PM -0700, list.w...@gmail.com wrote:
> Actually, I guess it would be fine if there would be a procedure with which 
> I can close down the disposable browser without the disp-vm automatically 
> closing.
> Then there will, probably, be a session.json file made which I then can 
> copy to another VM.
> 
> 
> 
> 
> On Monday, May 4, 2020 at 2:30:31 AM UTC, list...@gmail.com wrote:
> >
> > Hello qubes users, 
> >
> > I have a whonix disposable tor browser whonix vm running with a load of 
> > tabs open, maybe 30 but I can't check the precise amount because the tabs 
> > don't scroll anymore. 
> > The browser hangs.
> > As soon as I close the browser my tabs will be gone and I don't like to 
> > lose them. 
> > I think there must be a session.json file but that seems to be created 
> > only when the browser closes, and this will close the VM automatically, so 
> > even if a restore file with tabs in it is created, it will be gone upon 
> > closure of the browser.
> > I can access the file system from within dom0 and could copy any file that 
> > I need.
> >
> > Is there any place where whonix tor browser stores its *currently open* 
> > *tabs*? 
> >
> > Thanks ahead.
> >

The convention here is not to top-post.
Please scroll to the bottom of the message before you start typing. Or
reply inline.
It only takes you seconds, makes it much easier to follow threads, and
cumulatively saves your fellow users hours.
Thanks.

In FF, I think that the data is in sessionstore-backups. Have a look
there.
You may do better asking on the Whonix lists, as I believe they
customize the TBB somewhat.

unman

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200504113239.GD29542%40thirdeyesecurity.org.

Re: [qubes-users] Dividing Qubes Into Separate Networks (FAILED)

On Mon, May 04, 2020 at 02:00:00AM +, Zsolt Bicskey wrote:
> > > > > Set the VLAN correctly?
> > > > > yes, as I said if I connect a Windows latptop it works right away
> > > > > Set all parameters necessary to satisfy any port security on the 
> > > > > switch?
> > > > > Yes, same answer as above
> > > 
> 
> > > actualy, those are not "answers" at all.
> > > there is nothing in this description confirming you know how to
> > > configure a network interface under linux.
> 
> My apologies unman that I am not a Linux poweruser. I have only been using it 
> casually for the past 20 years. I have yet to run into a situation where I 
> was not able to configure my network on any SUSE/Slackware, Debian or RHEL 
> based systems. The reason I came here is to get help, not to be reminded what 
> I do not understand or know about networking. 
> 
> 
> > > since you confirmed the second port is working in general, this
> > > is unlikely to be a qubes problem.
> > > may be a whatever-your-netvm-distro-is problem.
> > > or more likely, a configuration problem.
> > > try booting whatever the distro in your netvm is off a USB stick
> > > or dvd (== without xen involved), and get the right network
> > > interface to work on the right port with that.
> > > then copy over the interface configuration to your netvm.
> > 
> 
> 
> So my understanding is that it would not solve the DHCP settings but if I 
> were to try manually setting it then Fedora stores the settings in 
> /etc/sysconfig/network-scripts/ifcfg-Wired_connection_# which is not a 
> permanent location in Qubes so I'd lose it with every reboot. 
> 
> 
> And just to be really sure everything is working on the machine I tested all 
> interfaces with manual and DHCP settings with the Live boot Fedora and 
> everything was working. 
> 
> 
> Can someone please try to help me solve this issue? Everything in line after 
> Qubes is 100% working as designed. There is someting with the Qubes gateway 
> that I am goofing up and I cannot find what is wrong. 


You seem to have taken offence at a comment not made by me.
I *do* endorse the statement that your replies were not answers.

The question isn't whether you have correctly configured VLAN on the
port, but whether you have configured the interface correctly.
Saying that a Windows laptop can connect is irrelevant to that point.

Now we know that Fedora live connects to the VLAN port - what
configuration was required? (I leave open the possibility that Fedora
live implements some autoconfiguration not included in the basic Fedora
template)
Have you made the same configuration in your pentest-gw?
What do the logs say? (In Qubes and on switch.)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200504112429.GC29542%40thirdeyesecurity.org.

[qubes-users] disp-vm whonix torbrowser open tabs file?

2020-05-04 Thread Catacombs

Would it work to create a clone of whonix template QUBE.  Then create the tabs 
you want, save that before you do anything that might leave Malware in this 
template?  

Perhaps increase the memory allocation for this QUBE with the hope of the many 
TABs causing a hang.  

Another option is to make all those tabs Favorites.  There used to be an option 
in Firefox to open all Favorites.  But I do not know if or how that is 
implemented in QUBEs Firefox.  Consult Firefox help. 

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/a0059878-a413-43d9-8696-a6900fe30ca7%40googlegroups.com.

Re: [qubes-users] Re: disp-vm whonix torbrowser open tabs file?

2020-05-04 Thread Mike Keehan

On 5/4/20 7:35 AM, list.w...@gmail.com wrote:

Actually, I guess it would be fine if there would be a procedure with which
I can close down the disposable browser without the disp-vm automatically
closing.
Then there will, probably, be a session.json file made which I then can
copy to another VM.

On Monday, May 4, 2020 at 2:30:31 AM UTC, list...@gmail.com wrote:

Hello qubes users,

I have a whonix disposable tor browser whonix vm running with a load of
tabs open, maybe 30 but I can't check the precise amount because the tabs
don't scroll anymore.
The browser hangs.
As soon as I close the browser my tabs will be gone and I don't like to
lose them.
I think there must be a session.json file but that seems to be created
only when the browser closes, and this will close the VM automatically, so
even if a restore file with tabs in it is created, it will be gone upon
closure of the browser.
I can access the file system from within dom0 and could copy any file that
I need.

Is there any place where whonix tor browser stores its *currently open*
*tabs*?

Thanks ahead.

Start a terminal in a dispVM, then use the command line to start the
browser. You can stop and start the browser whenever you want.

The dispVM will stay running until you close the terminal.

Mike.

Re: [qubes-users] Re: Shoshana Zuboff and Renata ??vila: ???COVID-1984 ??? Surveillance Capitalism???

On Sun, May 03, 2020 at 09:46:55PM -0700, list.w...@gmail.com wrote:
> Trust me on this if you have no time to research it for yourself. 
> 
> *If* you have *no* hyperinsulinemia--in other words, you're no type 1 or 2 
> diabetic, *and* you're not pre-diabetic (that is fasting blood glucose 
> 5.5-6.9 mmol/l) *and* you're not pre-pre-diabetic (that is Kraft Insulin 
> Assay Test: blood insulin above 700 pmol/l)--*and* you are sufficient in 
> vitamin D3 (bloodlevel > 100 nmol/l) *then* you are at practically *zero 
> risk* for contracting more than *mild* COVID-19 symptoms.
> 
> Just saying.
> 

I don't trust you.
Evidence?(But NOT HERE on the list)

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20200504110057.GB29542%40thirdeyesecurity.org.

Re: [qubes-users] Me (anon-whonix AppVM) -> Tor -> VPN, settup with Mullvad VPN